Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove jsome dependency #914

Closed
mathiashoeld opened this issue Aug 28, 2019 · 4 comments
Closed

Remove jsome dependency #914

mathiashoeld opened this issue Aug 28, 2019 · 4 comments
Labels
You Can Do This This idea is well spec'd and ready for a PR

Comments

@mathiashoeld
Copy link

The npm package mem is marked as security vulnerability by Github. The package is a dependency of os-locale which is a dependency of yargs which is a dependency of jsome which has not been updated for 2 years, i.e. it is not likely that the yargs dependency will be updated anytime soon. (See this issue for reference)

To remove this security vulnerability it would be ideal to remove the dependency on jsome since it is probably only used only for styling the json output.
@mathiashoeld mathiashoeld changed the title Remove or update jsome dependency Remove jsome dependency Aug 28, 2019
@orta
Copy link
Member

orta commented Aug 28, 2019

Happy to have that switched out with something similar 👍

@orta orta added the You Can Do This This idea is well spec'd and ready for a PR label Aug 28, 2019
@orta
Copy link
Member

orta commented Sep 1, 2019

https://github.com/rafeca/prettyjson could do it

watchinharrison added a commit to watchinharrison/danger-js that referenced this issue Sep 24, 2019
@watchinharrison
(danger#914) replace jsome
f20e1e6 
repalce jsome with prettyjson
removes security issue with sub deps of jsome
watchinharrison added a commit to watchinharrison/danger-js that referenced this issue Sep 24, 2019
@watchinharrison
(danger#914) replace jsome
b9103ff 
repalce jsome with prettyjson
removes security issue with sub deps of jsome
@watchinharrison watchinharrison mentioned this issue Sep 24, 2019
Merged
peril-staging bot added a commit that referenced this issue Sep 24, 2019
@peril-staging
Merged by Peril
776153e 
(#914) replace jsome
This was referenced Sep 25, 2019
Merged
Closed
Closed
Merged
Merged
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@dependabot-preview dependabot-preview bot mentioned this issue Oct 6, 2019
Merged
This was referenced Oct 14, 2019
Closed
Closed
This was referenced Oct 21, 2019
Closed
Closed
Closed
Closed
Closed
Closed
This was referenced Oct 21, 2019
Closed
Closed
@platan
Copy link

platan commented Oct 23, 2019

I think this issue was resolved by #920. Can we close it?

@orta
Copy link
Member

orta commented Oct 23, 2019

Ace, sure

@orta orta closed this as completed Oct 23, 2019
This was referenced Oct 28, 2019
Merged
Closed
This was referenced Nov 4, 2019
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
You Can Do This This idea is well spec'd and ready for a PR
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@orta @platan @mathiashoeld